I found a suspicious folder after removing Malware [RESOLVED]
Started by Beetrix, Apr 23 2008 07:32 AM
#1
Posted 23 April 2008 - 07:32 AM
8e802587a54a788fe38. Any help would be appreciated.
#2
Posted 23 April 2008 - 09:10 AM
Let's have a closer look...
1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not click on combofix's window while it's running. That may cause it to stall.
#3
Posted 23 April 2008 - 09:39 AM
The links are not working properly. Can you send me another one?
#4
Posted 23 April 2008 - 09:53 AM
It should be working... I'm attaching it here. Try downloading the attachment.
Attached Files
#5
Posted 23 April 2008 - 10:07 AM
I am getting an Error message saying: You cannot rename ComboFix as ComboFix [1]. Please rename it.
#6
Posted 23 April 2008 - 10:35 AM
Did this prompt you when you try to run it? Did you get to the part where it asks you whether you agree to the warning/risk or not?
#7
Posted 23 April 2008 - 10:38 AM
No, it doesn't even ask me that question. My computer won't let me run it at all.
#8
Posted 23 April 2008 - 10:45 AM
Is it saved to the desktop? Also, make sure it's completely downloaded. I think it's around 1.6MB in size.
Restart the computer. Disconnect from the internet and disable all your security programs. Then try running it again.
#9
Posted 23 April 2008 - 11:07 AM
Got it! Here is the log.
ComboFix 08-04-22.5 - HP_Owner 2008-04-23 9:55:08.1 - NTFSx86
Running from: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for ComboFix.zip\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-21 06:06 . 2008-04-21 06:06 <DIR> d-------- C:\Program Files\Sygate
2008-04-21 06:06 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-21 06:06 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-21 06:06 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-21 06:05 . 2008-04-21 06:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 18:12 . 2008-04-20 18:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-20 18:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-19 15:47 . 2008-04-19 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 15:44 . 2008-04-20 17:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 15:44 . 2008-04-20 17:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-04-17 15:44 . 2008-04-17 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 14:57 . 2008-04-17 14:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-17 14:57 . 2008-04-17 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 13:39 . 2008-04-14 19:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-15 07:42 . 2008-04-15 07:57 73,352,020 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-04-15 07:42 . 2008-04-15 07:42 73,342,722 --a------ C:\SYM_REGISTRY_BACKUP.old
2008-04-15 07:27 . 2008-04-15 14:51 <DIR> d-------- C:\Program Files\ACW
2008-04-10 12:44 . 2008-04-10 12:44 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-10 12:43 . 2008-04-10 12:44 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-10 12:43 . 2008-04-10 12:44 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-10 12:43 . 2008-04-10 12:44 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-10 12:43 . 2008-04-10 12:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-10 09:47 . 2008-04-10 09:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 06:10 . 2008-04-17 14:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-10 06:10 . 2008-04-10 06:10 1,152 --a------ C:\WINDOWS\system32\windrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-04-23 14:51 2,098 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-04-23 12:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 19:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-21 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 22:54 --------- d---a-w C:\Program Files\PC-Doctor for Windows
2008-04-17 22:54 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-04-14 23:33 --------- d-----w C:\Program Files\Yahoo!
2008-04-11 18:23 --------- d-----w C:\Program Files\RegistrySmart
2008-04-10 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-10 19:47 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-10 19:44 --------- d-----w C:\Program Files\Symantec
2008-04-10 19:33 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-04-10 03:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PictureTrail
2008-04-04 01:18 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-03-30 12:34 --------- d-----w C:\Program Files\Google
2008-03-21 18:22 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-06 20:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 20:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-01 10:21 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-10 12:45 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-07-07 11:28 1110016]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-02-29 01:55 625664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"DXDllRegExe"="dxdllreg.exe" []
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 22:49 718704]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-08 12:11:03 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 14:33:32 16423]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-09 13:54:54 54776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IBM WebSphere Studio Homepage Builder V6\\bin\\hpbpage.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 Blink Service;Blink Service;"C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 03:30:54 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 10:00:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-04-23 10:03:20
ComboFix-quarantined-files.txt 2008-04-23 17:02:56
Pre-Run: 142,844,559,360 bytes free
Post-Run: 143,351,111,680 bytes free
155 --- E O F --- 2008-04-09 15:17:43
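A triage pass over the "Reg Loading Points" section of a ComboFix log like the one posted above, as an added example that is not part of the thread and not ComboFix's own code. It flags autostart entries ComboFix could not match to a file on disk (the `[ ]` brackets), Security Center monitoring overrides, a disabled Windows Firewall profile and per-drive AutoRun handlers, which is roughly what a helper eyeballs before calling a log clean; the excerpt is constructed from entries in the posted log.

```python
import re

# Constructed excerpt in the layout ComboFix prints for "Reg Loading Points";
# the entries are copied from the log posted in this thread, not a full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-07-07 11:28 1110016]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="command" [date time size]: an empty or blank bracket means ComboFix
# found no file behind the entry (orphaned autostart, or a missing/hidden file).
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$')


def triage_reg_loading_points(log_text):
    """Walk the section line by line; return a list of (category, key, detail)."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')          # remember which registry key we are under
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # A per-volume AutoRun handler under mountpoints2 runs when the drive is
            # opened from Explorer, so it deserves a look even when it turns out benign.
            findings.append(('autorun_handler', key, m.group('cmd')))
            continue
        m = ENTRY_RE.match(line)
        if m:
            if not m.group('meta').strip():
                findings.append(('orphaned_autostart', key,
                                 '%s -> %s' % (m.group('name'), m.group('cmd') or '<empty>')))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group('name'), m.group('value').strip()
            if name == 'DisableMonitoring' and value.endswith('00000001'):
                findings.append(('security_center_monitoring_off', key, value))
            elif name == 'EnableFirewall' and value.startswith('0'):
                # Flag only: a third-party firewall product may legitimately own the profile.
                findings.append(('windows_firewall_off', key, value))
    return findings


def summarize(findings):
    """Count findings per category for a quick overview."""
    counts = {}
    for category, _key, _detail in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == '__main__':
    for category, key, detail in triage_reg_loading_points(SAMPLE_LOG):
        print('%-32s %s\n    %s' % (category, key, detail))
```

Orphaned entries are usually leftovers of uninstalled software rather than active malware, but each one is a name to check before declaring the log clean.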
#10
Posted 23 April 2008 - 11:28 AM
What was the problem earlier that was giving you issues on running it?
I can't find that suspicious file/folder, but whatever it is, you may delete it. It's either a Microsoft update or some other non-important file/folder.
Your log is clean.
To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If none, go to Start->Run and copy/paste in combofix /u and hit OK to remove it. You should be set to go.
#11
Posted 23 April 2008 - 02:00 PM
Oh, I forgot to save it on my desktop!
OK I will delete it. Thank you for your help.
#12
Posted 23 April 2008 - 07:51 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.